Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 01 July 2005.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1, 7-12 and 18-22 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1, 7-12 and 18-22 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 12 January 2004 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

1. [ ] Certified copies of the priority documents have been received.
application from the International Bureau (PCT Rule 17.2(a)).

Attachment(s)

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [ ] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)

Paper No(s)/Mail Date

4) [ ] Interview Summary (PTO-413)

Paper No(s)/Mail Date

5) [ ] Notice of Informal Patent Application (PTO-152)

6) [ ] Other:



U.S. Patent and Trademark Office
PTOL-326 (Rev. 7-05)

Office Action Summary

Part of Paper No./Mail Date 09132005

Application/Control Number: 09/312,150

Art Unit: 2131 

DETAILED ACTION 

1. This is in response to the amendment filed on 1 July 2005.

2. Claims 1, 7-12 and 18-22 are pending in the application.

3. Claims 1, 7-12 and 18-22 have been rejected. 

4. Claims 2-6, 13-17 and 23-29 have been cancelled. 

Response to Amendment 

5. As to claims 1 and 12, the applicant has amended the claims to change the limitation of "to 
decrypt original data using the session key" to "to encrypt original data using the session key". 
The amendment to the claims overcomes the claim rejection 35 USC § 112 (2). The examiner 
withdraws the rejection.

6. As to claims 1 and 12, the applicant has removed the limitation "the data packet to another
data processing system instead of or in addition to the first data processing system using the first
user's public key, the session key, a new session key and the master public key". There are no
longer any omitted essential steps. The amendment to the claims overcomes the claim rejection
35 USC § 112 (2). The examiner withdraws the rejection.

Response to Arguments 

7. Applicant's arguments with respect to claims 1, 7-12 and 18-22 have been considered but are
moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

8. Claims 1, 7-12 and 18-22 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one skilled in the 
relevant art that the inventor(s), at the time the application was filed, had possession of the 
claimed invention. The limitation of "a first data packet" is not enabled by the specification. 
The limitation "a second data packet including the encrypted session keys and the encrypted data 
to another data processing system instead of or in addition to the first data processing system" is 
not enabled by the specification. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made.

9. Claims 1, 7, 8, 12, 18 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Cassagnol et al U.S. Patent No. 6,438,666 B2 in view of Banker et al U.S. Patent No.
6,005,938.

As to claims 1 and 12, Cassagnol et al discloses a method for encrypting data, the method 
comprising: 

providing a first data processing system [column 4 line 58 to column 5 
line 13]; 

providing a second data processing system including program instructions 
to generate a session key [column 11, lines 3-8], to encrypt original data using the 
session key [column 11, lines 3-8], to encrypt the session key with a first user's 
public key [column 11, lines 3-8], to encrypt the session key with a master public 
key [column 11, lines 3-8], to generate a first data packet including a session key 
and encrypted data and to transmit the first data packet to the first data processing 
system [column 11, lines 3-8]; 

generating and transmitting a second data packet including the encrypted
session keys and the encrypted data to another data processing system instead of
or in addition to the first data processing system [column 11 line 66 to column 12
line 40]; and

the first data processing system receiving the first data packet and
including program instructions to decrypt the encrypted session key with a private
key of the first user [column 19 line 57 to column 20 line 8], and to decrypt the
encrypted data with the session key to recreate the original data [column 19 line
57 to column 20 line 8].
Cassagnol et al teaches that it is one key included in the data packet, not a plurality of 
session keys. 

Banker et al teaches a packet that contains multiple encrypted session keys used for 
different services [column 14, lines 1-15]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Cassagnol et al so that the data packet that was 
generated would have included a plurality of encrypted session keys and encrypted data. The 
generating and transmitting of the data packet would have used the user's public key, the session 
key, the new session key and the master public key. The first data processing system would have 
received the packet and decrypted one of the encrypted session keys based on the intended
service with the private key of the user. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Cassagnol et al by the teaching of Banker et al because it 
provides a one-to-one correspondence between the session keys and services. So by having 
numerous session keys, the system is able to avoid replay attacks [column 2 line 52 to column 3 
line 2]. 

As to claims 7 and 18, Cassagnol et al teaches storing the user's private key on a data 
storage medium coupled to the destination data processing system [column 19, lines 1-22]. 

As to claims 8 and 19, Cassagnol et al teaches storing the master private key on a data
storage medium coupled to the destination data processing system [column 19, lines 1-22].

10. Claims 9, 10, 20 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Cassagnol et al U.S. Patent No. 6,438,666 B2 and Banker et al U.S. Patent No. 6,005,938 as 
applied to claims 1 and 12 above, and further in view of Dillaway et al U.S. Patent No. 
5,742,756. 

As to claims 9 and 20, the Cassagnol-Banker combination does not teach retrieving the 
user's private key from a smart card utilizing a smart card reader coupled to the destination data 
processing system. 

Dillaway teaches private key stored on a smart card utilizing a smart card reader coupled 
to the destination data processing system [figure 2]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified the Cassagnol-Banker combination so that the 
user's private key is stored on a smart card coupled to the destination node. The private key is 
only retrieved when the smart card is inserted into the smart card reader. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified the Cassagnol-Banker combination by the teaching of 
Dillaway because it utilizes a smart card to perform critical cryptography operations. The smart
card can be programmed or otherwise configured to never expose the user's private keys. Rather
than providing a private key to the user's computer, the key is held within the smart card, and
required cryptographic operations are performed on the smart card itself. This makes it
impossible for hostile code to obtain the private key [column 3, lines 24-31].

As to claims 10 and 21, the Cassagnol-Banker combination does not teach retrieving the
master private key from a smart card utilizing a smart card reader coupled to the destination data 
processing system. 

Dillaway teaches private key stored on a smart card utilizing a smart card reader coupled 
to the destination data processing system [figure 2]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified the Cassagnol-Banker combination so that the 
master private key is stored on a smart card coupled to the destination node. The master private 
key is only retrieved when the smart card is inserted into the smart card reader. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified the Cassagnol-Banker combination by the teaching of 
Dillaway because it utilizes a smart card to perform critical cryptography operations. The smart 
card can be programmed or otherwise configured to never expose the user's private keys. Rather 
than providing a private key to the user's computer, the key is held within the smart card, and 
required cryptographic operations are performed on the smart card itself. This makes it
impossible for hostile code to obtain the private key [column 3, lines 24-31].

11. Claims 11 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Cassagnol et al U.S. Patent No. 6,438,666 B2 and Lohstroh et al U.S. Patent No. 5,768,373 
as applied to claims 1 and 12 above, and further in view of Kruys U.S. Patent No. 
5,555,309. 

As to claims 11, 22 and 29, the Cassagnol-Banker combination does not teach utilizing a
plurality of public master keys and a plurality of private master keys to decrypt the encrypted 
session key. 

Kruys teaches a plurality of master keys [column 2, lines 56-67]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified the Cassagnol-Banker combination so that there 
would have been a plurality of public and private master keys to decrypt the encrypted session 
keys. There would have been multiple session keys so there would have been a public/private 
master key set to encrypt and decrypt the session keys. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified the Cassagnol-Banker combination by the teaching of 
Kruys because it utilizes master keys, each one of which is unique to a respective domain 
member, and is arranged to protect the respective member vector key of each domain member 
[column 3, lines 55-62].

Conclusion

12. Applicant's amendment necessitated the new ground(s) of rejection presented in this
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Aravind K Moorthy 
September 13, 2005